1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

2763 Commits

Author SHA1 Message Date
Alexander Graf
54b46a13c6 save dkim key after creation 2021-07-25 15:51:13 +02:00
bors[bot]
bf65a1248f
Merge #1885
1885: fix 1884: always lookup a FQDN r=mergify[bot] a=nextgens

## What type of PR?

bugfix

## What does this PR do?

Fix bug #1884. Ensure that we avoid the musl resolver bug by always looking up a FQDN

### Related issue(s)
- closes #1884

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-24 19:09:56 +00:00
bors[bot]
bace7ba6e3
Merge #1890
1890: fix Email class in model.py r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

fixes class Email - keep email, localpart and domain in sync.

### Related issue(s)

closes #1878


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-24 18:33:48 +00:00
Alexander Graf
ad1b036f20 fix Email class 2021-07-24 20:21:38 +02:00
bors[bot]
f8db4a0531
Merge #1887
1887: Docs: Limit fail2ban matches to front container r=mergify[bot] a=networkException

## What type of PR?

documentation

## What does this PR do?

Previously fail2ban matched against all journal entries. This pull request adds a tag to the logdriver and fail2ban filter documentation that limits the matches to entries from the front container

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: networkException <git@nwex.de>
2021-07-24 15:50:31 +00:00
bors[bot]
e72f2dead5
Merge #1886
1886: Fix 1294: ensure podop's socket is owned by postfix r=mergify[bot] a=nextgens

## What type of PR?

bugfix

## What does this PR do?

Ensure that the podop socket is always owned by the postfix user (wasn't the case when build using non-standard base images... typically for arm64)

### Related issue(s)
- closes #1294

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-24 15:24:24 +00:00
Florent Daigniere
8d9f3214cc Use threads in gunicorn rather than processes
This ensures that we share the auth-cache... will enable memory savings
and may improve performances when a higher number of cores is available

"smarter default"
2021-07-24 15:45:25 +02:00
networkException
8235085848
Docs: Limit fail2ban matches to front container
Previously fail2ban matched against all journal entries. This patch
adds a tag to the logdriver and fail2ban filter documentation that
limits the matches to entries from the front container
2021-07-24 15:25:59 +02:00
Florent Daigniere
fa915d7862 Fix 1294 ensure podop's socket is owned by postfix 2021-07-24 14:39:40 +02:00
Florent Daigniere
9d2629a04e fix 1884: always lookup a FQDN 2021-07-24 12:40:38 +02:00
bors[bot]
56a6821875
Merge #1880
1880: Update jquery dependency  of setup and set pinned versions r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
Update used jquery javascript files.
Also sets pinned (fixed) versions in requirements.txt. I set the same versions as used in requirements-prod.txt for the admin image. 

### Related issue(s)
- Update dependencies as discussed in #1829 
- closes #1868

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.


- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-07-22 16:19:25 +00:00
Dimitri Huisman
67e00bb1e7 Add changelog 2021-07-22 14:56:30 +00:00
Dimitri Huisman
b0fb9d822b Adapt requirements.txt to use pinned versions. 2021-07-22 14:44:30 +00:00
Dimitri Huisman
b140fa54ac Update jquery js dependencies in setup 2021-07-22 14:43:03 +00:00
Diman0
64bf75efb1 Added missing extension in conf.py. Added missing library in requirements.txt. Sphinx is only compatible with docutils<0.17 2021-07-21 12:18:14 +02:00
bors[bot]
0031f262cc
Merge #1871
1871: Replace PUBLIC_HOSTNAME/IP with real data in Received headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

This will ensure that we don't get spam points for not respecting the RFC (gmail is notorious for not liking it)

### Related issue(s)
- close #1448
- #466
- #191

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-20 12:13:19 +00:00
bors[bot]
d010f1d30d
Merge #1874
1874: Remove dot in blueprint name to prevent critical flask error r=mergify[bot] a=Diman0

## What type of PR?

Bug-fix 

## What does this PR do?
Currently setup uses the version (1.7, 1.8, master) as the blueprint name for the setup flask instance. Flask introduced a breaking change that does not allow a dot in the blueprint name anymore. As a result the setup container does not start. This PR contains the bug fix for this issue.


```
stable_1       |   File "/app/server.py", line 58, in build_app
stable_1       |     prefix_bp = flask.Blueprint(version, __name__)
stable_1       |   File "/usr/local/lib/python3.9/site-packages/flask/blueprints.py", line 195, in __init__
stable_1       |     raise ValueError("'name' may not contain a dot '.' character.")
stable_1       | ValueError: 'name' may not contain a dot '.' character.
stable_1       | Traceback (most recent call last):
```

 See https://flask.palletsprojects.com/en/2.0.x/changes/
```
Show an error when a blueprint name contains a dot. The . has special meaning, it is used to separate (nested) blueprint names and the endpoint name. #4041
```

### Related issue(s)
- #1814
- Closes #1818
- Closes #1869

I will close the linked issues personally once I have made the necessary changes on the infra machine after the backported PR has been merged. 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-07-20 11:52:35 +00:00
Dimitri Huisman
2e883c7ae2 Add changelog 2021-07-20 11:44:29 +00:00
Dimitri Huisman
06019452e3 Remove dot in blueprint name to prevent critical flask initialisation error. 2021-07-20 11:22:02 +00:00
Florent Daigniere
1d65529c94 The lookup could fail; ensure we set something 2021-07-18 18:43:20 +02:00
Florent Daigniere
8bc1d6c08b Replace PUBLIC_HOSTNAME/IP in Received headers
This will ensure that we don't get spam points for not respecting the
RFC
2021-07-18 18:24:46 +02:00
bors[bot]
c5ff72d657
Merge #1857
1857: disable startdate when autoreply is disabled r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

disable the reply startdate field when autoreply is disabled


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-16 06:58:57 +00:00
bors[bot]
de0536c694
Merge #1858
1858: Docs: Replace hardcoded journald logpath with systemd backend r=mergify[bot] a=networkException

The file at /var/log/messages is not universal for every
distribution. Fail2ban can access journald logs directly
by using the systemd backend.

## What type of PR?

documentation

## What does this PR do?

The path /var/log/messages does not apply for Ubuntu 20.04 for example, because of that I have looked
at alternative ways to access journald in fail2ban. The proper way seems to be to use the systemd
backend, this patch updates the documentation accordingly.

### Related issue(s)
*none*

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: networkException <git@nwex.de>
2021-07-14 17:53:15 +00:00
bors[bot]
0147b19064
Merge #1862
1862: fix #1861: allow colons in passwords: fix the parsing of http-basic auth headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a bug preventing colons from being used in passwords when using radicale/webdav.
Thank you to @parisni for reporting it and @ghostwheel42 for spotting it.

### Related issue(s)
- close #1861

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-14 07:34:48 +00:00
Florent Daigniere
a0dcd46483 fix #1861: Handle colons in passwords 2021-07-14 09:27:00 +02:00
networkException
a2cf13c548
Template: Update link to changelog entry documentation for pull requests 2021-07-09 15:15:38 +02:00
networkException
f80e04a8c5
Docs: Replace hardcoded journald logpath with systemd backend
The file at /var/log/messages is not universal for every
distribution. Fail2ban can access journald logs directly
by using the systemd backend.
2021-07-08 22:10:23 +02:00
Alexander Graf
180026bd77 also disable startdate 2021-07-07 11:33:48 +02:00
Alexander Graf
56cfcf8b64 converted tabs to spaces 2021-07-07 10:32:59 +02:00
Alexander Graf
6377ccb2cb re-add jquery and select2 used in app.js 2021-07-07 10:30:07 +02:00
Alexander Graf
3c8a8aa8f0 use less v3 to make less-loader happy 2021-07-06 19:47:13 +02:00
Alexander Graf
1bb059f4c1 switched to newest possible versions for nodejs v8 2021-07-06 19:36:28 +02:00
Alexander Graf
858312a5cb remove explicit jQuery dependency 2021-07-06 18:01:44 +02:00
bors[bot]
66ea28b50a
Merge #1845
1845: Update rainloop to 1.16.0 r=mergify[bot] a=nextgens

## What type of PR?

Security-update for rainloop.

## What does this PR do?

Upgrade to rainloop v1.16

### Related issue(s)
- #1829

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-06 09:13:21 +00:00
bors[bot]
cd4ef3285f
Merge #1852
1852: Improve ci r=mergify[bot] a=Diman0

## What type of PR?

Enhancement for CI. 

## What does this PR do?

Moved logic for configuring the tag for images for testing branch (bors try) and building the images, from deploy.sh (deploy job) to the Build job. Now the images are only built once during the build job. This saves about ~10 minutes for the CI workflow for bors try. Now for all situations (bors try, bors r+ and merge with master) should take around 20 minutes.

I did not create yet another newsfragment since it is an internal enhancement.
### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-07-06 08:41:53 +00:00
bors[bot]
0cd52ae3ca
Merge #1853
1853: Update dependencies r=mergify[bot] a=ghostwheel42

## What type of PR?

security update python dependencies

## What does this PR do?

updates cryptography, Jinja2, pyOpenSSL and  PyYAML to current versions

### Related issue(s)

security updates as discussed in #1829


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-06 08:22:03 +00:00
Alexander Graf
3bb0d68ead add cargo to build cryptography 2021-07-05 23:27:42 +02:00
Alexander Graf
9790dcdabe updated dependencies 2021-07-05 23:04:07 +02:00
Dimitri Huisman
c3f47f1ca0 Forgot that env var set in job 1 is not shared with job 2. Added logic for deriving MAILU_VERSION to deploy job. 2021-07-05 17:44:10 +00:00
Dimitri Huisman
58e751415c Yet another small typo. One day computers will understand I meant env.MAILU_BRANCH instead of MAILU_BRANCH. 2021-07-05 17:21:28 +00:00
Dimitri Huisman
7aa9b496fa Moved logic for building testing images from deploy job to build job. This should save time. Test number for ci workflow #1234 2021-07-05 17:09:48 +00:00
Florent Daigniere
474e5aa527 document 2021-07-05 17:11:09 +02:00
Florent Daigniere
72735ab320 remove cyrus-sasl-plain 2021-07-05 17:08:05 +02:00
Florent Daigniere
0211c06c37 don't need sudo here 2021-07-05 15:54:04 +02:00
Dimitri Huisman
0772e172ff
Merge pull request #1666 from cipianpascu/patch-1
Update front.yaml
2021-07-05 15:52:30 +02:00
Florent Daigniere
420afa53f8 Upgrade to alpine 3.14 2021-07-05 15:50:49 +02:00
bors[bot]
4a5f6b1f92
Merge #1791
1791: Enhanced session handling r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

- replaces flask_kvsession and simplekv with a mailu-specific session store
- call cleanup_sessions before first request and not on startup.
  this allows to run cmdline actions without redis (and makes it faster)
- allow running without redis for debugging purposes by setting MEMORY_SESSIONS to True
- don't sign session id, as it has plenty of entropy (as suggested by nextgens)
- adds method to prune a user's sessions

### Related issue(s)
- enhances and close #1787


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-04 18:04:15 +00:00
Florent Daigniere
11917a5011 mend 2021-07-04 19:18:53 +02:00
bors[bot]
a61e17c777
Merge #1846
1846: fix newsfragment of #1841 r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

moves newsfragment to correct location.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-04 12:39:51 +00:00
Alexander Graf
8b71a92219 use fixed msg for key derivation 2021-07-03 22:32:47 +02:00